Info Security Engineer III

Where compassion meets innovation and technology and our employees are family.

Thank you for your interest in joining our team! Please review the job information below.

General Purpose of Job:

Ensure the confidentiality, integrity and availability of Driscoll Health System information systems and assets. Participates in ongoing enforcement and monitoring activities related to security and privacy in compliance with organizational policy, regulatory requirements, federal and state laws, accreditation standards, and industry standards.

Essential Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This job description is not intended to be all-inclusive; employees will perform other reasonably related business duties as assigned by the immediate supervisor and/or hospital administration as required.

• Plan, implement, and maintain comprehensive enterprise-wide Information Security policies, strategies, and systems that protect the organization’s information systems in accordance with applicable laws, regulatory requirements, and industry standards.
• Oversee and coordinate technical projects, ensuring alignment with organizational objectives and adherence to established security policies and practices.
• Develop and refine advanced technical systems, controls, policies, and procedures to enhance the protection of information systems assets and data from intentional or inadvertent disruption, modification, disclosure, or destruction.
• Mentor and provide guidance to team on technical and professional development.
• Design and deliver advanced awareness training for the workforce on information security standards, policies, and best practices, tailored to emerging threats and organizational needs.
• Manage the installation and optimization of firewalls, data encryption technologies, and other advanced security products and procedures.
• Perform and oversee regular, detailed network scans and vulnerability assessments, providing remediation plans and prioritizing critical issues.
• Conduct complex penetration testing, simulating advanced threat scenarios to identify exploitable weaknesses and ensure the organization’s systems are resilient.
• Proactively monitor networks and systems for security breaches and anomalous behaviors, utilizing advanced intrusion detection and response tools.
• Lead high-priority incident response efforts, coordinating cross-functional teams to minimize impact, and conducting comprehensive forensic investigations to identify root causes and lessons learned.
• Design and implement enterprise-class security architectures that support a production environment while aligning with the organization’s strategic goals.
• Proactively identify and evaluate current and emerging security threats, devising strategies to mitigate risks. 
• Champion the implementation of cutting-edge security architecture elements and solutions to address dynamic threat landscapes.
• Maintain an expert level of knowledge and skills related to:
• Systems, platforms, and technologies critical to the organization’s security posture.
• Regulatory and legal compliance requirements at federal, state, and local levels.
• Emerging advancements in information security and related technologies.
• Adheres to hospital policies and procedures and demonstrates business practices and personal actions that are ethical and adhere to corporate compliance and integrity guidelines always maintaining utmost level of confidentiality.
• Communicate and collaborate effectively with external technology representatives, vendors, and support staff to ensure seamless security integration and maintenance.
• Communicate or collaborate with hospital staff, managers, and administration.
• Act as a subject matter expert (SME) in information security, offering strategic and technical leadership across the organization.
• Independently perform a full range of tasks with minimal supervision, exercising significant discretion and judgment while working within established guidelines.
• Report to the Information Security & Compliance Manager in the Information Security & Controls Department and provide regular updates on progress, risks, and opportunities.
• Performs other related work assignments as required.

Education and/or Experience:

• Bachelor's degree (B. A.) from four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience.
• Incumbents typically have 5-8 years’ professional experience in Information Systems including 4-8 years in Information Systems Security.

Certificates, Licenses, Registrations

• Certified Information Security Systems Professional (ISC2 - CISSP) Required or obtained within 1st year of hire.